VERSION 0.6
ARG DOCKERHUB_USER_SECRET=+secrets/DOCKERHUB_USER
ARG DOCKERHUB_TOKEN_SECRET=+secrets/DOCKERHUB_TOKEN
ARG DOCKERHUB_MIRROR
ARG DOCKERHUB_MIRROR_INSECURE=false
ARG DOCKERHUB_AUTH=true
FROM ..+base \
    --DOCKERHUB_AUTH=$DOCKERHUB_AUTH \
    --DOCKERHUB_USER_SECRET=$DOCKERHUB_USER_SECRET \
    --DOCKERHUB_TOKEN_SECRET=$DOCKERHUB_TOKEN_SECRET \
    --DOCKERHUB_MIRROR=$DOCKERHUB_MIRROR \
    --DOCKERHUB_MIRROR_INSECURE=$DOCKERHUB_MIRROR_INSECURE

all:
    BUILD +git-clone-private-https-set-by-args
    BUILD +git-clone-private-https-set-by-config-command
    BUILD +git-clone-private-https-set-by-config-file
    BUILD +git-clone-private-https-set-by-netrc


git-clone-private-https-base:
    FROM ../git-webserver+server-with-user-directory \
        --DOCKERHUB_AUTH=$DOCKERHUB_AUTH \
        --DOCKERHUB_USER_SECRET=$DOCKERHUB_USER_SECRET \
        --DOCKERHUB_TOKEN_SECRET=$DOCKERHUB_TOKEN_SECRET \
        --DOCKERHUB_MIRROR=$DOCKERHUB_MIRROR \
        --DOCKERHUB_MIRROR_INSECURE=$DOCKERHUB_MIRROR_INSECURE
    RUN echo "#!/bin/sh
set -ex

# first ensure these two /etc/hosts entries are working
ping -c 1 selfsigned.example.com
ping -c 1 buildkitsandbox

# ensure we cant clone without a password
curl https://selfsigned.example.com/testuser/repo.git/info/refs?service=git-upload-pack 2>&1 | grep '401 Authorization Required'

test -z \"\$SSH_AUTH_SOCK\"
" >/tmp/test-earthly-script && chmod +x /tmp/test-earthly-script


git-clone-private-https-set-by-args:
    FROM +git-clone-private-https-base
    RUN echo "
# the git-username and git-password flags are deprecated and only work for github.com, gitlab.com, or bitbucket.com
# however, if we enable a new config and set it to auto here; this will allow the flags to override the username and password settings
earthly --config \$earthly_config  config git \"{selfsigned.example.com: {auth: auto}}\"

# test https password can be set via command line args
#earthly --config \$earthly_config -VD --git-username=testuser --git-password=keepitsecret +test
earthly --config \$earthly_config -VD --git-username=testuser --git-password=keepitsecret selfsigned.example.com/testuser/repo:main+hello
" >> /tmp/test-earthly-script
    DO +RUN_EARTHLY_ARGS --pre_command=start-nginx-with-git --earthfile=git-clone-private-https.earth --exec_cmd=/tmp/test-earthly-script


git-clone-private-https-set-by-config-command:
    FROM +git-clone-private-https-base
    RUN echo "
earthly --config \$earthly_config  config git \"{selfsigned.example.com: {auth: https, user: testuser, password: keepitsecret}}\"
earthly --config \$earthly_config --verbose -D +test
earthly --config \$earthly_config --verbose -D selfsigned.example.com/testuser/repo:main+hello
" >> /tmp/test-earthly-script
    DO +RUN_EARTHLY_ARGS --pre_command=start-nginx-with-git --earthfile=git-clone-private-https.earth --exec_cmd=/tmp/test-earthly-script


git-clone-private-https-set-by-config-file:
    FROM +git-clone-private-https-base
    RUN echo "
cat << EOF >> \$earthly_config
git:
  selfsigned.example.com:
    auth: https
    user: testuser
    password: keepitsecret
EOF

earthly --config \$earthly_config --verbose -D +test
earthly --config \$earthly_config --verbose -D selfsigned.example.com/testuser/repo:main+hello
" >> /tmp/test-earthly-script
    DO +RUN_EARTHLY_ARGS --pre_command=start-nginx-with-git --earthfile=git-clone-private-https.earth --exec_cmd=/tmp/test-earthly-script


git-clone-private-https-set-by-netrc:
    FROM +git-clone-private-https-base
    RUN echo "
echo \"machine selfsigned.example.com
login testuser
password keepitsecret\" > ~/.netrc

earthly --config \$earthly_config --verbose -D +test
earthly --config \$earthly_config --verbose -D selfsigned.example.com/testuser/repo:main+hello
" >> /tmp/test-earthly-script
    DO +RUN_EARTHLY_ARGS --pre_command=start-nginx-with-git --earthfile=git-clone-private-https.earth --exec_cmd=/tmp/test-earthly-script

RUN_EARTHLY_ARGS:
    COMMAND
    ARG earthfile
    ARG pre_command
    ARG exec_cmd
    DO ..+RUN_EARTHLY \
        --earthfile=$earthfile \
        --pre_command=$pre_command \
        --exec_cmd=$exec_cmd \
        --DOCKERHUB_AUTH=$DOCKERHUB_AUTH \
        --DOCKERHUB_USER_SECRET=$DOCKERHUB_USER_SECRET \
        --DOCKERHUB_TOKEN_SECRET=$DOCKERHUB_TOKEN_SECRET \
        --DOCKERHUB_MIRROR=$DOCKERHUB_MIRROR \
        --DOCKERHUB_MIRROR_INSECURE=$DOCKERHUB_MIRROR_INSECURE
